Good points. The devil is in the detail. I earbashed the SDP Working Group for five years that the network layer access, routing and DNS insecurities are the major problem enforcing secure network communications. Without success, I might add :)
And while John Kindervag is correct that network segmentation is a key measure, and that Identity Management is not Zero Trust, I think we must redefine Identity Management at the network layer. I would not be using the application layer OAuth approach.
In cloudland, identity management policy enforcement is applied at the transport and session layer. AWS, Azure, GCP and IBM IAM policies are the key to enforcing network perimeters. This is OK as far as it goes. There have to be improvements for hybrid cloud; I've noticed the holes in cloud-to-cloud, on-premises-to-cloud, etc. communications are not being plugged.
My thinking is that we must redefine identity management at the network layer, because all the old network layer token userid protocols from one part of the network to another are the vulnerabilities through which hackers are crawling, and moving laterally. Network layer protocols were developed last century.
IMHO
Nya Alison Murray
Trac-Car Technology
UK +44 208133 9249
Australia +61 73040 1637
Switzerland +41 22548 1747
----------------------------------------
Original Message:
Sent: 8/22/2022 3:38:00 PM
From: Erik Johnson
Subject: ATARC 2022 Zero Trust Summit Recording and Keynote (8/9 in DC)
I was fortunate to be able to attend our partner's ATARC 2022 Zero Trust Summit, on August 9, 2022, at the Marriott Marquis, Washington D.C. During the event, we heard several great panels and presentations focused on utilizing emerging technologies to help strengthen the integration of Zero Trust technology in Government, hosted by IT thought-leaders within government, academia and private industry.
The visionary keynote was presented by John Kindervag, Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow at ON2IT Cybersecurity, Zero Trust Executive Steering Committee, Cloud Security Alliance. The slides are available here - https://learn.atarc.org/e/315131/08-ATARC-Zero-Trust-Slides-pdf/khg65/1858912828?h=1FxGlMY59zpHwX_kHMIZT2Ms66qL2QwW7-Eu2_LHglo
The recording of the entire event is available on YouTube here - https://learn.atarc.org/e/315131/owNWECFTlnU/khg62/1858912828?h=1FxGlMY59zpHwX_kHMIZT2Ms66qL2QwW7-Eu2_LHglo
------------------------------
Erik Johnson CCSK, CCSP, CISSP, PMP
Senior Research Analyst - Zero Trust & Financial Services
Cloud Security Alliance
------------------------------